search

Ravinou / borgwarehouse

A fast and modern WebUI for a BorgBackup's central repository server.
https://borgwarehouse.com
GNU Affero General Public License v3.0
317 stars 22 forks source link

Append only option #160

Closed lightonflux closed 1 month ago

lightonflux commented 4 months ago

You can configure borg to append only: borg config /path/to/repo append_only 1 or via authorized_keys: command="borg serve --restrict-to-path /backups/server1 --append-only" ssh-ed25519 AAAAB3…H root@server1

It would be great if there was an option in the repo setup and setting (if you want to change it later) to enable/disable append-only mode.

Ravinou commented 4 months ago

Hello @lightonflux , I had planned to include this option. However, I haven't worked on it yet, and in particular I haven't gone through all the documentation for this option.

Is the borg config command mandatory in addition to the option in the ssh file? I'll look into it, but this feature is coming ;)

lightonflux commented 4 months ago

Changing the config applies the change to the repo. It affects borg on client and server. serve --append-only only applies to the client. This way rogue clients cannot delete data, but a server side prune still works.
The config change does not make sense for borgwarehouse use case.

As you probably know append-only is a bit weird. The client can "delete" backups and the data stays on disk, but the archive is removed from the repo list anyway. So it looks like the archive was deleted. The space is still occupied. This might change with 2.0, but i haven't looked into it.

I think borgwarehouse should be able to look at the transaction log. Otherwise users might get confused by space usage reported by borg compared to the usage compared by the graphs in borgwarehouse. A good idea would be to have a stacked bar graph where the "deleted" space is shown in another colour. But this might be overkill. Usually the use case for append-only is to notify accidental or malicious deletion. So detecting a space usage mismatch and sending a notification is probably more important than a stacked graph.

You can easily test append only:

  1. Create repo with config setting.
  2. Fill it
  3. Check repo size on disk and reported by borg
  4. Delete archive
  5. Check size again
  6. On the server run `borg compact" it will not reduce the repo
  7. Remove the config option
  8. Run again. compact will remove the "deleted" chunks.

check --repair will throw an error when in append mode.

Ravinou commented 1 month ago

This option is now released in https://github.com/Ravinou/borgwarehouse/releases/tag/v2.3.0

Documentation is here.

Feel free to support my work by sponsoring me :).

Have a good evening !